Basic small business security

10 November 2017Mark Dunn2 min read

Whilst most small businesses are more than happy to utilise the power of the internet for marketing and profit potential, many ignore the potential threats of the net. The internet is full of malicious activity, and while you might be sceptical that hackers will target your business, it’s more common than you think. The problem is even worse if you have an online website built on popular but sometimes easily damaged platforms like WordPress and Joomla, where you need to be very serious about the importance of internet security and keep up with all the security updates.

Ransomware is one of the latest forms of malicious activity to make the headlines. Hackers generally aim to take control over sensitive or mission-critical information in the view to making demands in order for the data to be returned to the owner. Being one of the most significant threats that you are likely to face as a business, ransomware can hit anyone. Contrary to popular belief, small businesses are often more of a target than bigger businesses, since they do not always have the resources to deal with the threat or recover from the implications of not giving into the hacker’s demands.

Luckily, there are some simple methods that your business can employ to bolster your security and keep your customers safe.

Basic Small Business Security Protocols

  • Complex passwords. Aim to set a password policy to ensure anyone working on your systems creates a password consisting of numbers, letters and symbols. It is also recommended that passwords are at the very least 8 characters long.
  • Two-factor authentication (it isn’t as scary as it sounds). This involves adding an extra step when logging into web services, whereby users are required to generate a code on their phone to log in.
  • Create clear access hierarchies. Make sure that you only give access to each part of your IT infrastructure to people that need it; being too blasé about who has access to what can be your downfall.
  • Be very clear about logging of activity – there is all manner of software for everything from activity logging to mouse tracking to see what, where and who was at fault for any kind of breach.
  • Keep software updated. Once a vulnerability becomes known, software companies are usually quicky to solve the problem (and sometimes not). Hackers are also aware of the vulnerability at this point, so it is imperative that you keep software updated and stop staff postponing updates.
  • Take backups. It is much easier to recover from a breach if you have a recent backup you can revert to. Aim to set up automatic backups daily so you do not have to remember to do them manually.

Hackers move at a rapid pace and you cannot think that your security upgrade 2-3 years ago is still effective today; in a matter of weeks, nevermind years, those updates can become obsolete. Keep in mind that many malicious tools are looking for the kind of software you need to operate: MS Office, AutoCAD, Adobe Photoshop etc. Think of the time and productivity this will cost you if you lost access to your data or the tools you require to function, compared to the time to implement some basic security practices.

Never underestimate the importance of cybersecurity and never leave your business without any kind of legitimate preparation to manage the problem. At the least, you should look to have a regular security audit carried out by your in-house IT team, or outsource your security to another company.